Vulnerability Details CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.8%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/braintree/sanitize-url/commit/d4bdc89f1743fe3cdb7c3f24b06e4c875f349b0c
- https://github.com/braintree/sanitize-url/compare/v6.0.1...v6.0.2
- https://github.com/braintree/sanitize-url/commit/d4bdc89f1743fe3cdb7c3f24b06e4c875f349b0c
- https://github.com/braintree/sanitize-url/compare/v6.0.1...v6.0.2
Products affected by CVE-2022-48345
-
cpe:2.3:a:paypal:braintree/sanitize-url:1.0.0
-
cpe:2.3:a:paypal:braintree/sanitize-url:2.0.0
-
cpe:2.3:a:paypal:braintree/sanitize-url:2.0.1
-
cpe:2.3:a:paypal:braintree/sanitize-url:2.0.2
-
cpe:2.3:a:paypal:braintree/sanitize-url:2.1.0
-
cpe:2.3:a:paypal:braintree/sanitize-url:3.1.0
-
cpe:2.3:a:paypal:braintree/sanitize-url:4.0.0
-
cpe:2.3:a:paypal:braintree/sanitize-url:4.0.1
-
cpe:2.3:a:paypal:braintree/sanitize-url:4.1.0
-
cpe:2.3:a:paypal:braintree/sanitize-url:4.1.1
-
cpe:2.3:a:paypal:braintree/sanitize-url:5.0.0
-
cpe:2.3:a:paypal:braintree/sanitize-url:5.0.1
-
cpe:2.3:a:paypal:braintree/sanitize-url:5.0.2
-
cpe:2.3:a:paypal:braintree/sanitize-url:6.0.0